Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7203.roa
File:                     AS7203.roa (raw, json)
Hash identifier:          XkUHV6VBlWc68iltfme+Od0e5AuDzXfKOZPbqZaTjv4=
Subject key identifier:   C8:25:1B:E0:21:31:6E:3D:78:0F:77:2E:1C:7B:0D:6B:9F:20:82:9D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5870DFC14B1BA0E3C80D5654D0F77A5F3C227B2D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7203.roa
Signing time:             Tue 14 Apr 2026 09:01:09 +0000
ROA not before:           Tue 14 Apr 2026 08:56:09 +0000
ROA not after:            Tue 13 Apr 2027 09:01:09 +0000
asID:                     7203
IP address blocks:        84.75.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:70:df:c1:4b:1b:a0:e3:c8:0d:56:54:d0:f7:7a:5f:3c:22:7b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 14 08:56:09 2026 GMT
            Not After : Apr 13 09:01:09 2027 GMT
        Subject: CN=C8251BE021316E3D780F772E1C7B0D6B9F20829D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:95:6c:6f:6c:b5:f9:dd:02:44:3a:65:a1:3c:
                    e8:d8:3a:bf:ed:93:72:be:53:5d:db:90:2f:50:5a:
                    55:d1:e6:2f:a7:14:f7:ce:9b:86:a5:b5:9f:94:56:
                    41:3c:52:01:f8:73:ed:3c:85:f4:1c:9a:39:16:74:
                    4a:e5:2b:3f:32:31:da:67:c4:3b:bc:cc:bd:d8:c7:
                    ff:f9:f8:ac:ee:80:d3:76:34:a5:da:a7:96:9b:52:
                    6d:5a:76:de:d2:d6:d9:76:2d:83:d7:94:88:40:34:
                    c0:35:8a:04:f3:f1:23:06:77:85:dc:df:c8:d9:a1:
                    dd:3b:50:36:a0:44:93:97:74:e4:3f:f1:96:25:dc:
                    ee:d2:e8:06:3a:dc:80:f6:c3:5c:60:88:54:0b:c2:
                    10:df:a2:2c:30:90:82:e6:ac:29:2f:a7:a9:4c:f9:
                    0c:03:9a:7d:b9:ce:ee:dc:78:7f:e3:42:a3:36:fa:
                    e0:48:1f:f0:10:9b:71:43:05:5d:5d:83:8f:37:2e:
                    25:e4:75:e5:98:53:fe:db:8b:1b:79:ad:ef:e8:a1:
                    2a:46:33:fa:9f:66:09:55:2a:6e:7e:27:6b:0a:94:
                    a0:0c:62:b5:4c:f9:a5:92:c0:f8:6f:62:9a:21:33:
                    14:60:75:1b:d3:31:b6:4d:15:ba:ef:7e:b6:35:d5:
                    c1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:25:1B:E0:21:31:6E:3D:78:0F:77:2E:1C:7B:0D:6B:9F:20:82:9D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:07:6c:a3:ed:32:69:9e:a8:ef:33:da:da:c9:17:ae:ea:9d:
         0f:64:04:0e:77:5a:81:9a:3d:39:11:8d:30:1a:d5:a8:78:2e:
         dd:34:af:01:27:8b:9c:b4:83:43:22:6c:b4:e7:5a:b4:15:11:
         9c:50:0a:21:cb:20:0e:44:a7:6f:a6:da:05:b7:37:5b:9f:50:
         2c:3f:f8:9b:be:fa:3e:e4:8d:4e:ca:ae:5a:88:70:7a:86:24:
         1b:13:69:57:20:d7:d8:12:41:9f:e9:46:9a:55:41:87:38:d1:
         0f:24:2e:31:65:7b:11:52:c2:6e:be:ad:f3:1c:fe:84:74:96:
         af:f0:6b:68:09:42:21:46:38:4f:9a:5e:65:98:28:53:e2:f9:
         a1:e1:4a:b3:bb:ae:50:15:5c:d4:d0:5b:61:b6:1f:71:da:ee:
         d6:e7:1d:ba:08:bc:3d:69:b8:2a:d6:19:6e:d1:c6:2f:f0:0a:
         7e:73:1f:01:6a:6f:b9:c7:36:31:27:f1:94:cb:30:f5:8b:1c:
         f6:47:9d:c7:f8:8b:a7:a7:84:78:39:1c:03:9c:1e:36:c2:c8:
         ca:5f:93:56:b8:a0:4c:a1:f2:dd:3b:34:c3:db:16:5b:ae:ac:
         a0:94:25:27:5e:82:91:4d:cc:26:9e:d1:09:b5:16:1e:86:c7:
         ee:54:1b:46
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUWHDfwUsboOPIDVZU0Pd6Xzwiey0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTQwODU2MDlaFw0yNzA0MTMwOTAxMDlaMDMxMTAvBgNV
BAMTKEM4MjUxQkUwMjEzMTZFM0Q3ODBGNzcyRTFDN0IwRDZCOUYyMDgyOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwlWxvbLX53QJEOmWhPOjYOr/t
k3K+U13bkC9QWlXR5i+nFPfOm4altZ+UVkE8UgH4c+08hfQcmjkWdErlKz8yMdpn
xDu8zL3Yx//5+KzugNN2NKXap5abUm1adt7S1tl2LYPXlIhANMA1igTz8SMGd4Xc
38jZod07UDagRJOXdOQ/8ZYl3O7S6AY63ID2w1xgiFQLwhDfoiwwkILmrCkvp6lM
+QwDmn25zu7ceH/jQqM2+uBIH/AQm3FDBV1dg483LiXkdeWYU/7bixt5re/ooSpG
M/qfZglVKm5+J2sKlKAMYrVM+aWSwPhvYpohMxRgdRvTMbZNFbrvfrY11cHHAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUyCUb4CExbj14D3cuHHsNa58ggp0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNzIwMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFRLkDAN
BgkqhkiG9w0BAQsFAAOCAQEANQdso+0yaZ6o7zPa2skXruqdD2QEDndagZo9ORGN
MBrVqHgu3TSvASeLnLSDQyJstOdatBURnFAKIcsgDkSnb6baBbc3W59QLD/4m776
PuSNTsquWohweoYkGxNpVyDX2BJBn+lGmlVBhzjRDyQuMWV7EVLCbr6t8xz+hHSW
r/BraAlCIUY4T5peZZgoU+L5oeFKs7uuUBVc1NBbYbYfcdru1ucdugi8PWm4KtYZ
btHGL/AKfnMfAWpvucc2MSfxlMsw9Ysc9kedx/iLp6eEeDkcA5weNsLIyl+TVrig
TKHy3Ts0w9sWW66soJQlJ16CkU3MJp7RCbUWHobH7lQbRg==
-----END CERTIFICATE-----